Home > Vulnerability Database > CVE-2015-5252

Mend.io Vulnerability Database

CVE-2015-5252

Good to know:

Date: December 29, 2015

vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.

Language: C

Severity Score

7.2

Related Resources (29)

Url: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

Url: https://access.redhat.com/security/cve/CVE-2015-5252

Url: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-5252

Url: http://www.securitytracker.com/id/1034493

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

Url: http://www.ubuntu.com/usn/USN-2855-2

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1290288

Url: http://www.ubuntu.com/usn/USN-2855-1

Url: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993

Url: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html

Url: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html

Url: http://www.securityfocus.com/bid/79733

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00046.html

Url: http://www.debian.org/security/2016/dsa-3433

Url: https://security-tracker.debian.org/tracker/CVE-2015-5252

Url: http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

Url: https://www.samba.org/samba/security/CVE-2015-5252.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

Url: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html

Url: https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=4278ef25f64d5fdbf432ff1534e275416ec9561e

Url: https://security.gentoo.org/glsa/201612-47

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2015-5252

Url: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html

Url: https://www.mend.io/vulnerability-database/CVE-2015-5252

Severity Score

7.2

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Top Fix

Upgrade Version

Upgrade to version 4.3.3,4.2.7,4.1.22

Learn More

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-5252

Good to know:

Date: December 29, 2015

Language: C

Severity Score

Related Resources (29)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?